from typing import Optional

from app.core.security import decrypt_secret
from app.schemas.credentials import Credential
from app.services.cloud_providers.aliyun import AliyunProvider
from app.services.cloud_providers.base import BaseProvider
from app.services.cloud_providers.tencent import TencentProvider
from app.services.cloud_providers.volcano import VolcanoProvider


class CloudProviderFactory:
    @staticmethod
    def get_provider(credential: Credential) -> BaseProvider:
        """根据凭据创建对应的云厂商适配器实例。"""
        # Decrypt secret key
        # Note: Credential object from datastore has 'encrypted_secret' usually, 
        # but the Pydantic model 'Credential' has 'secret_preview'.
        # We need the full document or we need to fetch the secret.
        # The 'Credential' schema in schemas/credentials.py doesn't have the encrypted secret.
        # We might need to fetch the raw document or update the schema to include it (internal use).
        # Or, we pass the raw dict or a different model.
        # Let's assume we can get the decrypted secret here.
        # Wait, `datastore.py` `_to_credential` does not return the secret.
        # We need a method in `datastore` to get the full credential including secret for internal use.
        
        # For now, let's assume the caller passes the decrypted secret or we fetch it.
        # But `Credential` object passed here is likely from `list_credentials` which doesn't have it.
        # We should probably pass `credential_id` and let the factory or service fetch it.
        # Or `get_provider` takes `provider_name`, `access_key`, `secret_key`.
        pass

    @staticmethod
    def create(provider_name: str, access_key: str, secret_key: str, region: str = "") -> BaseProvider:
        if provider_name == "tencent":
            return TencentProvider(access_key, secret_key, region)
        elif provider_name == "volcano":
            return VolcanoProvider(access_key, secret_key, region)
        elif provider_name == "aliyun":
            return AliyunProvider(access_key, secret_key, region)
        else:
            raise ValueError(f"Unsupported provider: {provider_name}")
